#!/bin/bash

function blue(){
    echo -e "\033[34m\033[01m $1 \033[0m"
}
function green(){
    echo -e "\033[32m\033[01m $1 \033[0m"
}
function red(){
    echo -e "\033[31m\033[01m $1 \033[0m"
}
function yellow(){
    echo -e "\033[33m\033[01m $1 \033[0m"
}


#安装nginx

    green "====编译安装nginx耗时时间较长，请耐心等待===="
    sleep 1
    systemctl stop firewalld
    systemctl disable firewalld
    # yum install -y libtool perl-core zlib-devel gcc wget pcre* unzip
    apt-get update && apt-get install build-essential
    apt-get install -y make git curl
    #安装zlib
    if [ ! -d "~/zlib-1.2.11/" ]; then
    	wget https://zlib.net/zlib-1.2.11.tar.gz
    	tar xzvf zlib-1.2.11.tar.gz && rm zlib-1.2.11.tar.gz
    	# cd zlib-1.2.11 && ./configure &&make &&make install && cd ..
    fi
    if [ ! -d "~/openssl-1.1.1d/" ]; then
    	wget https://www.openssl.org/source/openssl-1.1.1d.tar.gz
    	tar xzvf openssl-1.1.1d.tar.gz && rm openssl-1.1.1d.tar.gz
    #打上补丁，并安装openssl最新版
    elif [ ! -d "~/openssl-patch/" ]; then
    	git clone https://github.com/hakasenyang/openssl-patch.git
    	cd openssl-1.1.1d/ && patch -p1 < ../openssl-patch/openssl-equal-1.1.1d_ciphers.patch
	    # make clean && ./config shared zlib-dynamic && make && make install
	    cd ..
	    #备份当前
	    # mv /usr/bin/openssl /usr/bin/openssl.bak
	    # mv /usr/include/openssl /usr/include/openssl.bak
	    #配置使用新版	    
	    # ln -s /usr/local/bin/openssl  /usr/bin/openssl && ldconfig -v
	    # echo "export LD_LIBRARY_PATH=/usr/local/lib" >> ~/.bashrc && export LD_LIBRARY_PATH=/usr/local/lib && ldconfig -v
	fi
    if [ ! -d "~/pcre-8.43/" ]; then
    	wget ftp://131.111.8.88/pub/pcre/pcre-8.43.tar.gz
    	tar xzvf pcre-8.43.tar.gz && rm pcre-8.43.tar.gz
    fi
    
    mkdir /etc/nginx
    mkdir /etc/nginx/ssl
    mkdir /etc/nginx/conf.d
    if [ ! -d "~/nginx-1.16.1/" ]; then
    	wget https://nginx.org/download/nginx-1.16.1.tar.gz
    	tar xzvf nginx-1.16.1.tar.gz && rm nginx-1.16.1.tar.gz
    fi
    cd nginx-1.16.1
    # ./configure --prefix=/etc/nginx --with-pcre=../pcre-8.43 --with-zlib=../zlib-1.2.11 --with-openssl=../openssl-1.1.1d --with-openssl-opt='enable-tls1_3' --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-stream --with-stream_ssl_module
    ./configure --prefix=/etc/nginx --without-select_module --without-poll_module --without-http_memcached_module --without-http_charset_module --without-http_ssi_module --without-http_userid_module --without-http_auth_basic_module --without-http_mirror_module --without-http_autoindex_module --without-http_geo_module --without-http_uwsgi_module --without-http_scgi_module --without-http_grpc_module --without-http_limit_conn_module --without-http_limit_req_module --without-http_empty_gif_module --without-http_upstream_hash_module --without-http_upstream_ip_hash_module --without-http_upstream_least_conn_module --without-http_upstream_random_module --without-http_upstream_keepalive_module --without-http_upstream_zone_module --without-stream_limit_conn_module --without-stream_access_module --without-stream_geo_module --without-stream_map_module --without-stream_split_clients_module --without-stream_return_module --without-stream_upstream_hash_module --without-stream_upstream_least_conn_module --without-stream_upstream_random_module --without-stream_upstream_zone_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_map_module --without-http_referer_module --with-http_ssl_module --with-http_gzip_static_module --with-http_v2_module --with-openssl=../openssl-1.1.1d --with-openssl-opt='enable-tls1_3' --with-zlib=../zlib-1.2.11 --with-pcre=../pcre-8.43
    make && make install
    ln -s /etc/nginx/sbin/nginx  /usr/bin/nginx

    green "====输入解析到此VPS的域名===="
    # read domain
    domain="summersmile.ml"

cat > /etc/nginx/conf/nginx.conf <<-EOF
user  root;
worker_processes  1;
error_log  /etc/nginx/logs/error.log warn;
pid        /etc/nginx/logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    include       /etc/nginx/conf/mime.types;
    default_type  application/octet-stream;
    log_format  main  '\$remote_addr - \$remote_user [\$time_local] "\$request" '
                      '\$status \$body_bytes_sent "\$http_referer" '
                      '"\$http_user_agent" "\$http_x_forwarded_for"';
    access_log  /etc/nginx/logs/access.log  main;
    sendfile        on;
    #tcp_nopush     on;
    keepalive_timeout  120;
    client_max_body_size 20m;
    #gzip  on;
    include /etc/nginx/conf.d/*.conf;
}
EOF

cat > /etc/nginx/conf.d/default.conf<<-EOF
server {
    listen       80;
    server_name  $domain;
    root /etc/nginx/html;
    index index.php index.html index.htm;
    location / {
        try_files \$uri \$uri/ /index.html?\$args;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /etc/nginx/html;
    }
}
EOF
    # systemctl restart nginx
    pkill -9 nginx 
    nginx

    apt-get install -y socat
    curl https://get.acme.sh | sh
    ~/.acme.sh/acme.sh  --issue  -d $domain  --webroot /etc/nginx/html/
    ~/.acme.sh/acme.sh  --installcert  -d  $domain   \
        --key-file   /etc/nginx/ssl/$domain.key \
        --fullchain-file /etc/nginx/ssl/fullchain.cer \
        --reloadcmd  "nginx -s reload"
	
#example
cat > /etc/nginx/conf.d/default.conf<<-EOF
server { 
    listen       80;
    server_name  $domain;
    rewrite ^(.*)$  https://\$host\$1 permanent; 
}
server {
   listen  443 ssl http2;
   ssl_certificate       /etc/nginx/ssl/fullchain.cer;
   ssl_certificate_key   /etc/nginx/ssl/$domain.key;
   ssl_protocols         TLSv1.2 TLSv1.3;
   ssl_ciphers           TLS13-AES-128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305;
     ssl_session_cache shared:SSL:100m;
     ssl_session_timeout 1h;

    server_name $domain;
    location / {
        root /etc/nginx/html;
        index index.php index.html index.htm;
    }
}
EOF
#personal use
# cat > /etc/nginx/conf.d/default.conf<<-EOF
# server { 
#     listen       80;
#     server_name  $domain;
#     rewrite ^(.*)$  https://\$host\$1 permanent; 
# }
# server {
#     listen 443 ssl http2;
#     server_name $domain;
#     root /etc/nginx/html;
#     index index.php index.html;
#     ssl_certificate /etc/nginx/ssl/fullchain.cer; 
#     ssl_certificate_key /etc/nginx/ssl/$domain.key;
#     #TLS 版本控制
#     ssl_protocols   TLSv1.3;
#     ssl_ciphers     TLS-AES-256-GCM-SHA384:TLS-CHACHA20-POLY1305-SHA256:TLS-AES-128-GCM-SHA256;
#     ssl_prefer_server_ciphers   on;
#     # 开启 1.3 0-RTT
#     ssl_early_data  on;
#     ssl_stapling on;
#     ssl_stapling_verify on;
#     #add_header Strict-Transport-Security "max-age=31536000";
#     #access_log /var/log/nginx/access.log combined;
#     location /mypath {
#         proxy_redirect off;
#         proxy_pass http://127.0.0.1:11234; 
#         proxy_http_version 1.1;
#         proxy_set_header Upgrade \$http_upgrade;
#         proxy_set_header Connection "upgrade";
#         proxy_set_header Host \$http_host;
#     }
#     location / {
#        try_files \$uri \$uri/ /index.php?\$args;
#     }
# }
# EOF

# systemctl restart nginx
nginx -s reload
